This is your credit balance. Even if you are an anonymous user, you are given
some credits to spend. Every IP address has its own account and it is provided with free credits that can be
used to pay for Online Domain Tools services. Moreover, credit balance is reset every day. This is why we call
them Daily Credits. Registered users have higher Daily Credits amounts and can even increase them by purchasing
subscriptions.

Besides Daily Credits, all accounts, including IP address accounts of anonymous
users, have their credit Wallet. Wallet credits are not reset on a daily basis, but they are only spent when a
user has not enough Daily Credits. Registered users can buy credits to their wallets. All IP address accounts
are created with an initial Wallet balance of
3.00. Once IP address account spends
credits from its Wallet, it can not be charged again. This should allow new users to try most of Online Domain
Tools services without registration.

Phase 1 – Fill-in Your Request

Unfortunately, new registrations are not available now due to deprecation of the ACME v1 protocol that we use.
You might be able to generate new certificates if you have a valid registration already (i.e. if you reuse the email you used before).

The table in Checkout section clearly summarizes prices that are associated with options you choose
in the tool's form.

Your credit balance is displayed on the right side above the main menu. Even if you are an anonymous user,
you are given some credits to spend. Every IP address has its own account and it is provided with free credits that can be used to
pay for Online Domain Tools services. Moreover, credit balance is reset every day. This is why we call them Daily Credits.
Accounts of registered users have higher Daily Credits amounts and can even increase them by purchasing subscriptions.

Besides Daily Credits, all accounts, including IP address accounts of anonymous users, have their credit
Wallet. Wallet credits are not reset on a daily basis, but they are only spent when a user has not enough Daily Credits. Registered users
can buy credits to their wallets. All IP address accounts are created with an initial Wallet balance of
3.00. Once IP address account spends credits from its Wallet, it can not be charged again.
This should allow new users to try most of Online Domain Tools services without registration.

The certificate generator tool is powered by Let's Encrypt by the Internet Security Research Group.
Let's Encrypt is a free certificate authority that provides an interface for generating trusted SSL/TLS certificates.
Let's Encrypt also offers software tools that allow completely automatic management of the certificates. However, not all platforms are supported
for the automatic management, and also some of the end users may prefer generation and installation of their certificates "manually".
This is what Free SSL/TLS Certificate Generator is all about.

This tool is a simple online interface to Let's Encrypt platform. It can ask Let's Encrypt to generate a trusted certificate for your domain,
and it fully supports multi-domain certificates (via Subject Alternative Name (SAN) certificate field). This means that you can protect
not only your primary domain, but also its subdomains, with a single certificate. Let's Encrypt platform does not support wildcard certificates,
so we are not able to generate them for you.

In order to generate a certificate, a Certificate Signing Request (CSR) is needed. Our generator can either generate a CSR for you,
or you can provide your own CSR on the input.

This tool runs fully over HTTPS, which means that all data including certificates and private keys (if provided) that you submit or that
are transferred back to you are well protected and are safe to use in production environment. No sensitive data and files persist on our servers,
they are erased once the certificate generation completes.

The first version of Let's Encrypt platform only generates certificates that are valid for 90 days. This means you have to generate
new certificate about every 3 months. In the future Let's Encrypt may decide to allow generation of certificates with longer validity period,
this topic is, among others, being discussed in their mailing list.

Terms of Service

By generating and using Let's Encrypt certificate, you agree with their Certificate Policy and Subscriber Agreement. These documents are available
on the Let's Encrypt Policy and Legal Repository page. By using our Free SSL/TLS Certificate Generator
you authorize this tool to ask Let's Encrypt to generate a certificate on your behalf. You agree that we act only as an agent between you and Let's Encrypt
for the sole purpose of helping you to obtain the certificate from Let's Encrypt. You are fully responsible for using the certificate properly and according to Let's Encrypt terms.
You agree to ask for generation of certificates only for domains that you own or which you are authorized to manage and generate certificates for.
You also agree that our tool makes a registration request to Let's Encrypt on your behalf using the email contact you have provided.
The email address is not used by Online Domain Tools for anything else – we will never send you any emails (nor provide it to a third party other than Let's Encrypt)
just because you have entered your email address to this form, but according to Let's Encrypt terms, they can contact you using this email. By using our tool, you confirm
that this email contact is valid and you are authorized to use it.

The process of generating a certificate works in three phases. In the first phase, you create a request to generate a certificate.
In the second phase, you have to verify all the domains that should be protected by the new certificate. In the third phase, the certificate
is generated and you can download the certificate files. In all phases, please make sure that all the steps are followed exactly as described
(make sure all inputs are in the specified format), or the process may fail.

To start with the first phase, simply enter your email address and all the domains that should be protected by the certificate to the Certificate Domains field.
Note that your email address is used solely for the purpose of making a registration request to Let's Encrypt. Let's Encrypt makes a simple validation
of the provided email contact, so make sure the email address is valid.
A common scenario is that you have a domain, such as example.com, and you would also like to protect
www.example.com. So you put them both to the Certificate Domains field. Your primary domain
is the first one in the list, other domains are treated as Subject Alternative Name.

Then you have to decide, whether you want to use your own CSR (which is highly recommended), or let us generate a CSR (and a private key) for you.
It is more secure if you do generate your own CSR and private key and give us only the CSR, in which case you are the only person
that has access to the private key. For some users, it might be easier to let us generate a CSR (and a private key),
in which case you have to check the Generate Certificate Signing Request and Private Key Automatically checkbox.
In this case, you need to provide additional information – the Key Size, the 2-letter Country Code,
and the name of your Organization. If you decide to use your own CSR, you have to copy your CSR in PEM format to the CSR textbox
and you may also provide your corresponding private key to the Private Key for CSR textbox, which again must be in the PEM format
and not protected by password. Providing your private key is only useful if you run Microsoft IIS web server and want us to generate
your certficate in ready-to-go PFX format, which can be very easily imported to your IIS server without additional work with OpenSSL.
If you run Apache or you know how to use OpenSSL, it is recommended not to provide your private key.
Once this is done, click the "Proceed to Domain Verification Phase!" button to continue. Note that CSR generated
by Microsoft IIS server will not work! Always use OpenSSL for CSR generation and make sure your key size is 2048 or 4096 bits.
If you are having problems with your own CSR, try to let us generate it for you and you will receive the generated CSR on the output together
with your certificate. You can then compare the generated CSR with the one you generated and possibly find where the problem was.
As a security measure, if you submit your CSR and private key files on the input and the process of generating your certificate fails
for any reason (including that you are unable to download the result), do not reuse the same CSR and private key files again.
If you want to try it again, generate new CSR and private key files.

In the phase two, you have to verify that you control all the domains you want to generate your certificate for. Please read the instructions
that appear on the screen carefully. For each domain, you will have to download a verification file and upload it to a specified location
on your web server. You must not alter the files in any way. Make sure they stay
in their original form – treat them as binary files. And you have to make sure that the verification files are publicly accessible.
Once you are sure your files are uploaded and publicly accessible, hit the "Verify Now!" button to continue.

If the verification succeeded, you have reached the third phase, in which your certificates are being generated by Let's Encrypt service.
All you need to do is wait for the result. If everything went well, you can now download your certificate. The certificate is delivered
in a ZIP archive together with a couple of other important files you may need. The archive contains the certificate in PEM format (good for Apache web server)
and PFX format (good for Microsoft IIS web server, protected by password 123456; only available if private key was provided or we generated it),
private key in PEM format (to be used with PEM certificate for Apache; only available if it was provided or we generated it),
CA bundle file in PEM format (for Apache again), and CSR in PEM format (not actually required for certificate installation).
If the private key was not provided or generated by us, there is a read-me file with information on how to create PFX version of certificate
using the PEM certificate and your private key using OpenSSL. The download
link is protected so that it can be downloaded only from your IP address – i.e. the IP address that you have accessed the tool from.
The certificate archive file will expire in 2 hours and will be deleted then.

During any phase, you may hit the "Cancel and Start Again!" button to start the whole process from the phase one. Note that in this case,
unlike most of the cases of failures, no credits are returned to your Online Domain Tools account.

Using Your Certificate

If you do not run your own web server, your hosting will provide you with the instructions on how to install your certificate to their system.

You can check that your certificate is installed properly by using our TLS/SSL Checker, which will also
check the security of your web server setup related to TLS/SSL.